Epic
Resolution: Done
Blocker
ACM Fine Grained RBAC TECH-Preview
Product / Portfolio Work
VIRTSTRAT-51 - Enable fine-grained RBAC support in ACM for Virt use cases
0% To Do, 0% In Progress, 100% Done
Epic Goal
Skip first base and ... go direct to TECH-Preview of fine-grained RBAC, based on discussion over the last months; see DDR for fine-grained-rbac.
This work is mainly for integration with OpenShift Virtualization.
Why is this important?
The Virtual Machine view needs to be able to filter Virtual Machines based on the namespaces that a given user is granted access to at the ACM hub level.
Scenarios
As a virtual machine user, I should see the virtual machines that are in the projects I have been granted access to. Access to projects for users or groups is done via ClusterPermission resources in the development preview.
Acceptance Criteria
If user1 has kubevirt.io:* on the project foo ONLY, they should NOT see virtual machines from namespace bar.
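The acceptance criterion above can be written as a negative authorization test. The following is an added example, not code from ACM or this epic: the grant layout, the cluster names and the function names are assumptions made for illustration (this is not the ClusterPermission schema), and "kubevirt.io:*" is read as all resources and verbs in the kubevirt.io API group.

```python
# Added example: default-deny filtering of VM search results by per-namespace grants.
# Grant layout and all names are hypothetical; sample data is constructed.

def rule_allows(rule, api_group, resource, verb):
    """Kubernetes PolicyRule semantics: '*' is the only wildcard, no prefix matching."""
    def hit(allowed, wanted):
        return "*" in allowed or wanted in allowed
    return (hit(rule["apiGroups"], api_group)
            and hit(rule["resources"], resource)
            and hit(rule["verbs"], verb))

def can_list_vms(grants, user, groups, cluster, namespace):
    """True only if a grant for this exact cluster AND namespace allows listing VMs."""
    subjects = {("User", user)} | {("Group", g) for g in groups}
    for g in grants:
        if (g["subject"] in subjects
                and g["cluster"] == cluster
                and g["namespace"] == namespace
                and any(rule_allows(r, "kubevirt.io", "virtualmachines", "list")
                        for r in g["rules"])):
            return True
    return False  # no matching grant: deny

def visible_vms(grants, user, groups, vms):
    """Filter search results down to what the caller is authorized to list."""
    return [vm for vm in vms
            if can_list_vms(grants, user, groups, vm["cluster"], vm["namespace"])]

# Constructed grants: user1 has kubevirt.io:* on foo in cluster-a only.
GRANTS = [
    {"subject": ("User", "user1"), "cluster": "cluster-a", "namespace": "foo",
     "rules": [{"apiGroups": ["kubevirt.io"], "resources": ["*"], "verbs": ["*"]}]},
    # A group grant in bar that does not cover kubevirt.io must not leak VMs.
    {"subject": ("Group", "ops"), "cluster": "cluster-a", "namespace": "bar",
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["list"]}]},
]
# Constructed search results, including a same-named namespace on another cluster.
VMS = [
    {"cluster": "cluster-a", "namespace": "foo", "name": "vm-1"},
    {"cluster": "cluster-a", "namespace": "bar", "name": "vm-2"},
    {"cluster": "cluster-b", "namespace": "foo", "name": "vm-3"},
]

if __name__ == "__main__":
    for vm in visible_vms(GRANTS, "user1", ["ops"], VMS):
        print(vm["cluster"], vm["namespace"], vm["name"])
```

The vm-3 case matters in a multi-cluster hub: a grant on foo in one managed cluster must not expose a namespace named foo on another.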
Dependencies (internal and external)
- Aggregate API Server
- ACM-18470 - RFE - ClusterPermissions to allow JUST the creation of RoleBinding and ClusterRoleBinding ACM-18969
Previous Work (Optional):
- ClusterPermissions CRD & Controller
- Kessel POC that can create a ClusterPermission (Management Fabric - ACM / CNV PoC - Google Docs)
Open questions:
- Can we move the Kessel flag forward in parallel?
- Where do we converge Kessel?
Done Checklist
- CI - CI is running, tests are automated and merged.
- Release Enablement <link to Feature Enablement Presentation>
- DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
- QE - Test plans in Polarion: <link or reference to Polarion>
- QE - Automated tests merged: <link or reference to automated tests>
- DOC - Figure out where and how we document that this affects ClusterPermissions and search results.
- Considerations were made for Extended Update Support (EUS)
account is impacted by
- ACM-17982 Design: ACM CNV Integration Enhancements (console focus) (Closed)
depends on
- ACM-17855 Search API queries RBAC API for Virtual Machine authorization (Closed)
- ACM-19141 How does RBAC UI get users and groups as defined in IdP (Closed)
is blocked by
- ACM-15712 ACM CNV Implement impersonation for VM related actions (Closed)
- ACM-19547 Providing an aggregated API to list kubevirt projects based on ClusterPermission (Closed)
- ACM-18470 Providing an aggregated API to list kubevirt projects based on user provided ClusterPermission (Closed)
is duplicated by
- ACM-17231 ACM Implement outcome of CNV-54365 for search - Confirm VM stop / restart / pause actions (Closed)
is related to
- ACM-16128 Apply single Cluster Gitops-RBAC for MultiCluster (New)
- RFE-6826 Granular RBAC for ACM's application lifecycle to support developer end-users leveraging logins at the ACM hub for their app-health needs (Refinement)